public function completeRegistrationAction($token)
 {
     /*
      * Finish a pending registration.
      *
      * The registration identified by $token (route parameter, untrusted;
      * only ever used as a bound lookup value) is loaded, the submitted
      * password is validated and hashed, the linked user is unlocked and
      * marked as e-mail-validated, and the single-use registration row is
      * removed. Outcomes: redirect to /login on success, the form
      * re-rendered with a flash message on an unknown token or rejected
      * password, a JSON 409 response if persisting fails.
      */
     $entityManager = $this->app->entityManager;
     $submittedPass = $this->app->request->post('password');
     $pendingRegistration = $entityManager
         ->getRepository(EntityNames::REGISTRATION)
         ->findOneBy(['token' => $token]);

     // Unknown (or already consumed) token: show the form without a user.
     if (!($pendingRegistration instanceof Registration)) {
         $this->app->flashNow('registration.error', 'Token not found');
         $this->app->render('registration-form.html.twig', ['token' => $token, 'user' => null]);
         return;
     }

     try {
         PasswordValidator::validatePassword($submittedPass);
     } catch (PasswordInvalidException $pie) {
         // NOTE(review): the message assumes the validator's only rule is the
         // 8-character minimum — confirm against PasswordValidator.
         $this->app->flashNow('registration.error', 'Password must be at least 8 characters long');
         $this->app->render('registration-form.html.twig', ['token' => $token, 'user' => $pendingRegistration->getUser()]);
         return;
     }

     $user = $pendingRegistration->getUser();
     $user->setPasswordHash(PasswordHandler::hash($submittedPass));
     $user->setIsLocked(false);
     $user->setHasEmailValidated(true);
     // The registration is single-use: remove it in the same flush as the user update.
     $entityManager->remove($pendingRegistration);

     try {
         $entityManager->flush();
     } catch (DBALException $dbalex) {
         $timestamp = (new DateTime())->format('d-m-Y H:i:s');
         $this->app->log->error(sprintf('[%s]: %s', $timestamp, $dbalex->getMessage()));
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::CONFLICT, $dbalex->getMessage());
         return;
     }

     $this->app->redirect('/login');
 }
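 public function authenticateAction()
 {
     /*
      * Login endpoint.
      *
      * Starts a session if none is active (otherwise the existing login is
      * dropped first), reads username/password from the request and
      * delegates to the login handler. Failures are answered as JSON
      * error responses; on success the login handler owns the session state.
      *
      * Fix: the "missing credentials" branch now returns. Previously it
      * emitted the 400 response and then still called login() with null
      * credentials.
      */
     /** @var \rmatil\cms\Login\LoginHandler $loginHandler */
     $loginHandler = $this->app->loginHandler;

     if (PHP_SESSION_NONE === session_status()) {
         session_start();
     } else {
         // A session already exists: end any current login before re-authenticating.
         $loginHandler->logout();
     }

     // requires SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
     // in htaccess for forwarding Basic-Auth headers
     // NOTE(review): params() presumably reads query and body parameters alike;
     // credentials passed in the query string would end up in access logs —
     // restricting this to POST parameters is safer.
     $username = $this->app->request->params('username');
     $password = $this->app->request->params('password');

     if (null === $username || null === $password) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::BAD_REQUEST, 'Username and password must be specified');
         return;
     }

     try {
         $loginHandler->login($username, $password, $this->app->request->getPath());
     } catch (UserNotFoundException $unfe) {
         // NOTE(review): answering 404 for an unknown user but 403 for a wrong
         // password lets a client tell valid usernames from invalid ones;
         // consider one uniform response for both cases.
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::NOT_FOUND, $unfe->getMessage());
         return;
     } catch (WrongCredentialsException $wce) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $wce->getMessage());
         return;
     } catch (UserLockedException $ule) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ule->getMessage());
         return;
     } catch (AccessDeniedException $ade) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ade->getMessage());
         return;
     }
 }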
 public function deleteFileByIdAction($id)
 {
     // Delete the FILE entity with the given id. Replies 204 on success and
     // 409 (with the accessor's message) when the delete is refused.
     // NOTE(review): unlike the other delete actions, EntityNotFoundException is
     // not handled here — confirm what the FILE accessor throws for unknown ids.
     try {
         $fileAccessor = $this->app->dataAccessorFactory->getDataAccessor(EntityNames::FILE);
         $fileAccessor->delete($id);
     } catch (EntityNotDeletedException $ende) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::CONFLICT, $ende->getMessage());
         return;
     }

     $this->app->response->setStatus(HttpStatusCodes::NO_CONTENT);
 }
 public function deleteArticleCategoryByIdAction($id)
 {
     // Delete the article category with the given id: 204 on success,
     // 404 with a fixed message when the accessor reports it missing.
     try {
         $categoryAccessor = $this->app->dataAccessorFactory->getDataAccessor(EntityNames::ARTICLE_CATEGORY);
         $categoryAccessor->delete($id);
     } catch (EntityNotFoundException $enfe) {
         ResponseFactory::createNotFoundResponse($this->app, 'Could not find article category');
         return;
     }

     $this->app->response->setStatus(HttpStatusCodes::NO_CONTENT);
 }
 public function deletePageCategoryByIdAction($id)
 {
     // Delete the page category with the given id: 204 on success, 404 with
     // the exception's own message when the accessor reports it missing.
     // NOTE(review): the sibling delete actions use a fixed message here;
     // exposing $enfe->getMessage() to the client may leak internal detail.
     try {
         $categoryAccessor = $this->app->dataAccessorFactory->getDataAccessor(EntityNames::PAGE_CATEGORY);
         $categoryAccessor->delete($id);
     } catch (EntityNotFoundException $enfe) {
         ResponseFactory::createNotFoundResponse($this->app, $enfe->getMessage());
         return;
     }

     $this->app->response->setStatus(HttpStatusCodes::NO_CONTENT);
 }
 public function deleteLanguageByIdAction($id)
 {
     // Delete the language with the given id: 204 on success, 404 with a
     // fixed message when the accessor reports it missing.
     try {
         $languageAccessor = $this->app->dataAccessorFactory->getDataAccessor(EntityNames::LANGUAGE);
         $languageAccessor->delete($id);
     } catch (EntityNotFoundException $enfe) {
         ResponseFactory::createNotFoundResponse($this->app, 'Could not find language');
         return;
     }

     $this->app->response->setStatus(HttpStatusCodes::NO_CONTENT);
 }
 /**
  * Middleware entry point.
  *
  * Unprotected routes are handed straight to the next middleware.
  * Protected routes require HTTP Basic credentials (PHP_AUTH_USER /
  * PHP_AUTH_PW): the user is authenticated and the role of its user group
  * is checked against the requested path before the chain continues.
  * Missing or wrong credentials are answered with a 401 challenge for the
  * configured realm; other failures as JSON error responses.
  */
 public function call()
 {
     /** @var \rmatil\cms\Login\LoginHandler $loginHandler */
     $loginHandler = $this->app->loginHandler;
     $requestPath = $this->app->request->getPath();

     if (!$loginHandler->isRouteProtected($requestPath)) {
         // Nothing to enforce: pass the request on unchanged.
         $this->next->call();
         return;
     }

     // requires SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
     // in htaccess for forwarding Basic-Auth headers
     $username = null;
     $password = null;
     if (isset($_SERVER['PHP_AUTH_USER'])) {
         $username = $_SERVER['PHP_AUTH_USER'];
     }
     if (isset($_SERVER['PHP_AUTH_PW'])) {
         $password = $_SERVER['PHP_AUTH_PW'];
     }

     if (null === $username || null === $password) {
         // Protected route without credentials: challenge the client (401)
         // @link http://tools.ietf.org/html/rfc1945#section-11
         ResponseFactory::createUnauthorizedResponse($this->app, $this->realm);
         return;
     }

     try {
         $user = $loginHandler->authenticateUser($username, $password);
         // The return value of isGranted() is not inspected; denial presumably
         // surfaces as AccessDeniedException, handled below.
         $loginHandler->isGranted($requestPath, $user->getUserGroup()->getRole());
     } catch (UserNotFoundException $unfe) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::NOT_FOUND, $unfe->getMessage());
         return;
     } catch (WrongCredentialsException $wce) {
         // Wrong credentials: re-issue the Basic-Auth challenge instead of a JSON error.
         ResponseFactory::createUnauthorizedResponse($this->app, $this->realm);
         return;
     } catch (UserLockedException $ule) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ule->getMessage());
         return;
     } catch (AccessDeniedException $ade) {
         ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::FORBIDDEN, $ade->getMessage());
         return;
     }

     $this->next->call();
 }
 public function getEmptyArticleAction()
 {
     // Respond with a JSON skeleton for a new Article: the author is the user
     // of the current session, both timestamps are "now" in UTC.
     $userRepository = $this->app->entityManager->getRepository(EntityNames::USER);
     $sessionUserId = $_SESSION['user_id'];
     $now = new DateTime('now', new DateTimeZone('UTC'));

     $article = new Article();
     $article->setAuthor($userRepository->find($sessionUserId));
     $article->setCreationDate($now);
     $article->setLastEditDate($now);

     ResponseFactory::createJsonResponse($this->app, $article);
 }
 public function getEmptyUserAction()
 {
     // Respond with a JSON skeleton for a new User, pre-assigned to the
     // 'ROLE_USER' user group (null if that group does not exist).
     $userGroupRepository = $this->app->entityManager->getRepository(EntityNames::USER_GROUP);
     $defaultGroup = $userGroupRepository->findOneBy(['name' => 'ROLE_USER']);

     $user = new User();
     $user->setUserGroup($defaultGroup);

     ResponseFactory::createJsonResponse($this->app, $user);
 }
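 public function getEmptyPageAction()
 {
     // Respond with a JSON skeleton for a new Page: the author is the user of
     // the current session, both timestamps are "now" in UTC.
     //
     // Fix: the timestamps are now created in UTC like in getEmptyArticleAction;
     // previously this used the default timezone, so page and article skeletons
     // could carry differently-zoned timestamps.
     $userRepository = $this->app->entityManager->getRepository(EntityNames::USER);
     $sessionUser = $userRepository->findOneBy(['id' => $_SESSION['user_id']]);
     $now = new DateTime('now', new DateTimeZone('UTC'));

     $page = new Page();
     $page->setAuthor($sessionUser);
     $page->setCreationDate($now);
     $page->setLastEditDate($now);

     ResponseFactory::createJsonResponse($this->app, $page);
 }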